1 |
jpp |
1.1 |
diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays |
2 |
|
|
--- smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays 2022-07-28 23:51:31.454000000 -0400 |
3 |
jpp |
1.2 |
+++ smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/95Addmod_dav2ibays 2022-07-29 00:52:11.073000000 -0400 |
4 |
jpp |
1.1 |
@@ -13,7 +13,7 @@ |
5 |
|
|
$OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none'; |
6 |
|
|
next if $access eq 'none'; |
7 |
|
|
# true if have to be password accessible from somewhere. |
8 |
|
|
- my $satisfy = ($access eq 'global-pw-remote')? 'any': 'all'; |
9 |
|
|
+ my $satisfy = ($access eq 'global-pw-remote')? 'RequireAny': 'RequireAll'; |
10 |
|
|
if ($properties{'ModDav'}) |
11 |
|
|
{ |
12 |
|
|
if ($properties{'ModDav'} eq 'enabled') |
13 |
jpp |
1.2 |
@@ -32,10 +32,10 @@ |
14 |
|
|
if ($dynamicContent eq 'enabled' && $secureEXEC eq 'enabled') |
15 |
|
|
{ |
16 |
|
|
# we do not want PHP or CGI to be runt there for security reason |
17 |
|
|
- $OUT .= " <FilesMatch \\.php\$>\n"; |
18 |
|
|
+ $OUT .= " <FilesMatch \\.(phar|php)\$>\n"; |
19 |
jpp |
1.1 |
$OUT .= " #disabling php\n"; |
20 |
|
|
$OUT .= " SetHandler !\n"; # could use also SetHandler none |
21 |
|
|
- $OUT .= " deny from all\n" if ( $properties{'ModDavHidePHP'} || 'enabled' ) eq 'enabled'; |
22 |
|
|
+ $OUT .= " Require all denied\n" if ( $properties{'ModDavHidePHP'} || 'enabled' ) eq 'enabled'; |
23 |
|
|
$OUT .= " </FilesMatch>\n"; |
24 |
|
|
$OUT .= " Options -ExecCGI\n"; |
25 |
|
|
$OUT .= " RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo\n"; |
26 |
|
|
@@ -54,15 +54,14 @@ |
27 |
|
|
$OUT .= " DirectoryIndex disabled\n\n" unless ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled"); |
28 |
|
|
$OUT .= " #DirectoryIndex disabled : DavNoDirectoryIndex has been defined to force DirectoryIndex \n\n" if ( ($properties{'ModDavNoDirectoryIndex'}||"enabled" ) eq "disabled"); |
29 |
|
|
|
30 |
|
|
- $OUT .= " order deny,allow\n"; |
31 |
|
|
- $OUT .= " deny from all\n"; |
32 |
|
|
- $OUT .= " " . $ReadAllow . "\n"; |
33 |
|
|
$OUT .= " AuthName \"$properties{'Name'}\"\n"; |
34 |
|
|
$OUT .= " AuthBasicProvider external\n"; |
35 |
|
|
$OUT .= " AuthType Basic\n"; |
36 |
|
|
$OUT .= " AuthExternal pwauth\n"; |
37 |
|
|
- $OUT .= " " . $ReadRequire . "\n"; |
38 |
|
|
- $OUT .= " Satisfy $satisfy\n\n"; |
39 |
|
|
+ $OUT .= " <$satisfy>\n"; |
40 |
|
|
+ $OUT .= " " . $ReadRequire . "\n"; |
41 |
|
|
+ $OUT .= " " . $ReadAllow . "\n"; |
42 |
|
|
+ $OUT .= " </$satisfy>\n\n"; |
43 |
|
|
|
44 |
|
|
# Ensure only valid users get to do stuff... update 2021/02: |
45 |
|
|
# GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK |
46 |
|
|
@@ -72,14 +71,15 @@ |
47 |
|
|
# however we put our limit to the whole folder with the Require user .... above, so the whole block under seems useless |
48 |
|
|
# unless we reduce it to one user, or are fool to enlarge to Require valid-user |
49 |
|
|
# $OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n\n"; |
50 |
|
|
-# $OUT .= " Allow from all\n"; |
51 |
|
|
+# $OUT .= " #Require all granted\n"; |
52 |
|
|
# $OUT .= " Require user $userlist\n\n"; |
53 |
|
|
# $OUT .= " </Limit>\n\n"; |
54 |
|
|
|
55 |
|
|
$OUT .= " <LimitExcept GET POST PROPFIND OPTIONS CONNECT>\n"; |
56 |
|
|
- $OUT .= " " . $WriteRequire . "\n"; |
57 |
|
|
- $OUT .= " Satisfy All\n"; |
58 |
|
|
- $OUT .= " ". $WriteAllow ."\n"; |
59 |
jpp |
1.2 |
+ $OUT .= " <RequireAll>\n"; |
60 |
jpp |
1.1 |
+ $OUT .= " " . $WriteRequire . "\n"; |
61 |
|
|
+ $OUT .= " ". $WriteAllow ."\n"; |
62 |
jpp |
1.2 |
+ $OUT .= " </RequireAll>\n"; |
63 |
jpp |
1.1 |
$OUT .= " </LimitExcept>\n\n"; |
64 |
|
|
$OUT .= "</Directory>\n"; |
65 |
|
|
} |
66 |
|
|
diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav |
67 |
|
|
--- smeserver-mod_dav-1.1.old/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav 2022-07-28 23:51:31.454000000 -0400 |
68 |
|
|
+++ smeserver-mod_dav-1.1/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/21IbayWebDav 2022-07-29 00:03:53.101000000 -0400 |
69 |
|
|
@@ -14,8 +14,6 @@ |
70 |
|
|
$OUT .= "\n # ibay $key disabled for httpd so no DAV access\n" if $access eq 'none'; |
71 |
|
|
next if $access eq 'none'; |
72 |
|
|
# true if have to be password accessible from somewhere. |
73 |
|
|
- my $ispassibay = $access =~ /-pw/; |
74 |
|
|
- my $satisfy = ($access eq 'global-pw-remote')? 'any': 'all'; |
75 |
|
|
if ($properties{'ModDav'}) |
76 |
|
|
{ |
77 |
|
|
if ($properties{'ModDav'} eq 'enabled') |
78 |
|
|
diff -Nur --no-dereference smeserver-mod_dav-1.1.old/root/usr/share/perl5/vendor_perl/esmith/DAV.pm smeserver-mod_dav-1.1/root/usr/share/perl5/vendor_perl/esmith/DAV.pm |
79 |
|
|
--- smeserver-mod_dav-1.1.old/root/usr/share/perl5/vendor_perl/esmith/DAV.pm 2022-07-28 23:51:31.457000000 -0400 |
80 |
|
|
+++ smeserver-mod_dav-1.1/root/usr/share/perl5/vendor_perl/esmith/DAV.pm 2022-07-29 00:09:32.842000000 -0400 |
81 |
|
|
@@ -67,22 +67,22 @@ |
82 |
|
|
sub getAllow { |
83 |
|
|
my ($mode, $key, $localAccess ) = @_; |
84 |
|
|
$localAccess = (defined $localAccess ) ? $localAccess : "127.0.0.1"; |
85 |
|
|
- my $ibay = $adb->get($key) or return "allow from 127.0.0.1"; |
86 |
|
|
- my %properties = $ibay->props or return "allow from 127.0.0.1"; |
87 |
|
|
+ my $ibay = $adb->get($key) or return "Require ip 127.0.0.1"; |
88 |
|
|
+ my %properties = $ibay->props or return "Require ip 127.0.0.1"; |
89 |
|
|
my $Public = $properties{'PublicAccess'} || 'none'; |
90 |
|
|
|
91 |
|
|
- my $allow = "allow from 127.0.0.1"; |
92 |
|
|
+ my $allow = "Require ip 127.0.0.1"; |
93 |
|
|
if ($Public eq 'none') |
94 |
|
|
{ |
95 |
|
|
$allow = "# allow from set to NONE"; |
96 |
|
|
} |
97 |
|
|
elsif ($Public =~ /(local|remote)/ ) |
98 |
|
|
{ |
99 |
|
|
- $allow = "allow from " . $localAccess; |
100 |
|
|
+ $allow = "Require ip " . $localAccess; |
101 |
|
|
} |
102 |
|
|
elsif ($Public =~ /global/) |
103 |
|
|
{ |
104 |
|
|
- $allow = "allow from all"; |
105 |
|
|
+ $allow = "Require all granted"; |
106 |
|
|
} |
107 |
|
|
return $allow; |
108 |
|
|
} |